1 year ago

#377337

StuP

Amazon Linux 2 Letsencrypt (via certbot) NodeJS Installation

I run a number of small instances through AWS Elastic Beanstalk running NodeJS with express.

I have them running on Amazon Linux 1 through manually validating my domain and adding the certificate to an .ebextensions config file.

Linux 2 is a different layout and I am a bit lost as to where to go. I have tried a couple of tutorials, but they are either not compatible with my NodeJS installation or are poorly explained.

I have the following setup, but when I push this to AWS I get "sudo: certbot: command not found" in the logs.

Can anyone help?

File: ./ebextensions/00_install_certbot.config

container_commands:
    00_download_epel:
        command: "sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/"
        ignoreErrors: true
        test: test ! -d "/etc/letsencrypt/"
    10_install_epel_release:
        command: "sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm"
        ignoreErrors: true
        test: test ! -d "/etc/letsencrypt/"
    20_enable_epel:
        command: "sudo yum-config-manager --enable epel*"
        ignoreErrors: true
        test: test ! -d "/etc/letsencrypt/"
    30_install_certbot:
        command: "sudo yum install -y certbot python2-certbot-nginx"
        ignoreErrors: true
        test: test ! -d "/etc/letsencrypt/"

File: ./ebextensions/01_open_https_port.config

Resources:
    sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
            GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
            IpProtocol: tcp
            ToPort: 443
            FromPort: 443
            CidrIp: 0.0.0.0/0

File: ./ebextensions/02_grant_executable_rights.config

container_commands:
    00_permission_hook:
        command: "chmod +x .platform/hooks/postdeploy/00_get_certificate.sh"

File: ./ebextensions/03_renew_ssl_certificate_cron_job.config

files:
    /tmp/renew_cert_cron:
        mode: "000777"
        owner: root
        group: root
        content: |
            0 1,13 * * * certbot renew --no-self-upgrade

File: ./platform/hooks/postdeploy/00_get_certificate.sh

#!/usr/bin/env bash
sudo certbot -n -d DOMAIN --nginx --agree-tos --email EMAIL

node.js

amazon-elastic-beanstalk

lets-encrypt

certbot

amazon-linux-2
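
An added example, not part of the original post: a small Python check that flags three patterns in configs like the ones above that matter when debugging and hardening them: `ignoreErrors: true` (a failed step does not stop the deployment, so a later command can run without its prerequisite), a download over `http://`, and a world-writable file mode. The function name, rule names and the `/tmp/constructed_ok_file` entry are assumptions made for the example; the sample is a constructed excerpt of the posted configs.

```python
import re

# Line-based checks (no YAML parser): this only understands the simple
# "key:" / "key: value" layout used in the .ebextensions files above.
KEY_RE = re.compile(r'^\s*([\w./-]+):\s*$')            # a key that opens a block
MODE_RE = re.compile(r'^\s*mode:\s*"?(\d{3,6})"?\s*$')  # e.g. mode: "000777"

def lint_ebextension(text):
    """Return a list of (line_number, rule, detail) findings."""
    findings = []
    block = None  # name of the command or file entry currently being read
    for num, line in enumerate(text.splitlines(), 1):
        key = KEY_RE.match(line)
        if key:
            block = key.group(1)
            continue
        stripped = line.strip()
        if stripped.startswith("command:") and "http://" in stripped:
            findings.append((num, "plaintext-download",
                             f"{block}: content fetched without TLS"))
        if re.match(r"ignoreErrors:\s*true\b", stripped, re.I):
            findings.append((num, "ignored-failure",
                             f"{block}: a non-zero exit will not stop the deployment"))
        mode = MODE_RE.match(line)
        if mode and int(mode.group(1)[-1]) & 2:  # write bit for "other"
            findings.append((num, "world-writable",
                             f"{block}: any local user can modify this file"))
    return findings

# Constructed sample: excerpt of the posted configs plus one hypothetical entry.
SAMPLE = """\
container_commands:
    00_download_epel:
        command: "sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/"
        ignoreErrors: true
    30_install_certbot:
        command: "sudo yum install -y certbot python2-certbot-nginx"
        ignoreErrors: true
files:
    /tmp/renew_cert_cron:
        mode: "000777"
        owner: root
    /tmp/constructed_ok_file:
        mode: "000644"
"""

if __name__ == "__main__":
    for num, rule, detail in lint_ebextension(SAMPLE):
        print(f"line {num}: {rule}: {detail}")
```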

0 Answers
